Firefox 95’s new sandbox aims to isolate and stop all threats on day 1

Ewdison Then - Dec 8, 2021, 11:29am CST
Firefox 95’s new sandbox aims to isolate and stop all threats on day 1

Web browsers have become not only more powerful but also more complicated over the past decade. While this might work in people’s favor as far as features are concerned, it can also work against them when their security and privacy are involved. Threat actors tirelessly look for vulnerabilities to exploit in order to gain access to users’ computers and phones, while browser makers play a never-ending game of cat and mouse to plug up those holes. Mozilla believes it has come up with a longer-lasting solution to this problem and is shipping Firefox version 95 with a new kind of sandbox that could protect users even from bugs that appear on day one of a release.

Image Credit: Mozilla

Sandboxing is a strategy that isolates a program from the rest of the operating system to prevent it from accessing parts of the system it has no business touching. Almost all web browsers these days use this technique, isolating each software process, usually each site or feature, in its own sandbox. Hackers continually try to abuse bugs in such sandboxing systems in order to break out of the borders and potentially wreak havoc on a user’s computer.

Firefox 95‘s new solution to this security problem is called RLBox, and it was developed together with the University of California San Diego and the University of Texas. Rather than just isolating processes, RLBox effectively isolates code by using a two-step compilation process. In practice, this means that buggy code is stopped right at the beginning and can’t suddenly just jump around the program that usually results in accessing restricted areas of computer memory that, in turn, leads to security exploits.

RLBox isn’t a panacea, however, and there are parts of the browser that are immediately excluded from it. These parts often involve sharing memory with the rest of the browser or are so performance-critical that even a slight delay can be disastrous. At the moment, only five modules are using this sandbox, including Firefox’s multimedia, font, and spelling systems.

Image Credit: Mozilla

Firefox 95 also brings other new tidbits to the browser, including its official availability on the Microsoft Store. macOS users will probably be happy to know that this version advertises reduced CPU usage as well as reduced power usage when streaming videos. RLBox sandboxing is available for both desktop and mobile versions of Firefox on all supported platforms.


Must Read Bits & Bytes